I am looking for a way to identify NAT-T traffic on an IPSEC connection and define a custom app for it. T o identify the IKE control plane traffic we would be looking for a 4 zero-valued bytes pattern at IP offset 28 on UDP 4500 traffic. It seems the 00 00 00 00 is the only consistent pattern in the traffic stream. Can RegEx be used to create a 7 byte pattern match? The reason for the custom app is to limit NAT-T traffic to a VPN termination point that is being overrun with requests when there is client side misconfiguration. thanks!
... View more